Attackers abuse Google Ads, GitLab, and Claude to deliver malware

Attackers are exploiting trusted platforms like Google Ads, GitLab, and Claude to deliver malware by impersonating popular AI developer tools and using ClickFix social engineering attacks (tricking users into manually running malicious commands). Over a seven-week campaign, threat actors created fake pages on legitimate services and used Google Ads to direct more than 2,000 victims to malicious sites where they were convinced to copy and paste harmful PowerShell or terminal commands (code that executes instructions). The campaign succeeded because victims trusted these platforms and assumed instructions from AI tools were reliable, making the attacks harder to detect than traditional malware campaigns.